Ransomware Attack on Oklahoma Sleep Institute by ThreeAM

Incident Date: Oct 10, 2024

Attack Overview

VICTIM: The Oklahoma Sleep Institute
INDUSTRY: Hospitals & Physicians Clinics
LOCATION: USA
ATTACKER: ThreeAM
FIRST REPORTED: October 10, 2024

Ransomware Attack on Oklahoma Sleep Institute by ThreeAM Group

The Oklahoma Sleep Institute LLC, a key player in the healthcare sector specializing in sleep medicine, has recently fallen victim to a ransomware attack orchestrated by the ThreeAM group. This incident underscores the growing threat of cyberattacks on healthcare providers, particularly those handling sensitive patient data.

About Oklahoma Sleep Institute

Founded in 2003, the Oklahoma Sleep Institute is dedicated to diagnosing and treating sleep disorders such as Obstructive Sleep Apnea, insomnia, and narcolepsy. With approximately 26 employees, the institute operates in Oklahoma City and Tulsa, providing advanced diagnostic services and personalized treatment plans. The institute is recognized for its patient-centric approach, offering comprehensive care through a team of Advanced Registered Nurse Practitioners and a Board Certified Sleep Physician.

Details of the Attack

The ThreeAM ransomware group has claimed responsibility for the attack, which involved the unauthorized acquisition of sensitive data from the institute. This breach poses significant risks to patient confidentiality and the integrity of the institute's operations. The attack highlights vulnerabilities in the healthcare sector, where the protection of sensitive information is paramount.

Profile of ThreeAM Ransomware Group

ThreeAM is a relatively new ransomware strain, known for its sophisticated methods and connections to other cybercriminal organizations. Written in Rust, the ransomware encrypts files and appends the extension ".threeamtime" to them. It is often used as a fallback option when other ransomware deployments, such as LockBit, fail. The group is linked to well-known ransomware entities like Conti and Royal, indicating a shared infrastructure and tactics.
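
The extension behaviour described above lends itself to a simple file-event check. The following is an added example, not code from the original page or from Halcyon; the log format, host names, window and threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".threeamtime"            # extension named in the profile above
WINDOW = timedelta(seconds=60)  # assumption: burst window
THRESHOLD = 3                   # assumption: kept low for the small sample

# Constructed sample events in a hypothetical "time host RENAME old -> new" format.
SAMPLE_LOG = r"""
2024-10-10T03:00:01 ws-01 RENAME C:\Scans\p1.pdf -> C:\Scans\p1.pdf.threeamtime
2024-10-10T03:00:02 ws-01 RENAME C:\Scans\p2.pdf -> C:\Scans\p2.pdf.threeamtime
2024-10-10T03:00:03 ws-02 RENAME C:\Docs\old.txt -> C:\Docs\new.txt
2024-10-10T03:00:04 ws-01 RENAME C:\Scans\p3.pdf -> C:\Scans\p3.pdf.threeamtime
2024-10-10T03:05:00 ws-02 RENAME C:\Docs\a.doc -> C:\Docs\a.doc.threeamtime
2024-10-10T03:09:00 ws-02 RENAME C:\Docs\b.doc -> C:\Docs\b.doc.threeamtime
2024-10-10T03:13:00 ws-02 RENAME C:\Docs\c.doc -> C:\Docs\c.doc.threeamtime
"""

LINE_RE = re.compile(r"^(\S+) (\S+) RENAME (.+) -> (.+)$")

def summarize(log_text, window=WINDOW, threshold=THRESHOLD):
    """Per host: count of renames that append EXT, and when a burst was first seen.
    Assumes events arrive in time order."""
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrelated line
        ts, host, old, new = m.groups()
        # Count only renames that add the extension to a file that lacked it.
        if not new.lower().endswith(EXT) or old.lower().endswith(EXT):
            continue
        ts = datetime.fromisoformat(ts)
        entry = report.setdefault(host, {"hits": 0, "burst_at": None})
        entry["hits"] += 1
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and entry["burst_at"] is None:
            entry["burst_at"] = ts  # first moment the burst threshold was met
    return report

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, info["hits"], info["burst_at"])
```

Any hit on this extension merits triage; the burst timestamp separates a host where files are being renamed rapidly from one with isolated hits.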

Potential Vulnerabilities and Penetration Methods

The attack on the Oklahoma Sleep Institute may have exploited common vulnerabilities in healthcare IT systems, such as outdated software or insufficient security protocols. ThreeAM's strategy often involves disabling security and backup services to maximize damage, which could have been a factor in this breach. The institute's reliance on digital technology for patient care and data management makes it a prime target for such sophisticated cyber threats.
